North Korean hackers now using Android backdoor malware to target religious groups in South Korea

The North Korean hacker group Lazarus appears to have upped its game in going after targets. Security experts believe that the state-backed hackers have created Android malware to hack into their targets’ phones. Researchers suspect that this time, the hackers are targeting their rival South Korea.

The Lazarus hackers designed a backdoor malware that poses as a legitimate app – The Bible – which translates the holy book into Korean. According to researchers at McAfee, who discovered the malware, this is likely the first known instance of the North Korean hackers using Android malware to target mobile users.

McAfee researchers said the “code, infrastructure and tactics” suggest that the Lazarus group is “responsible” for the attack and that the move to mobile indicates that the hackers are evolving their tactics. The malware likely first appeared in the wild in March and has so far had a limited distribution – only targeting Koreans. The scope of the Lazarus-created backdoor malware’s capabilities is still unclear.

“Once the attackers have the backdoor installed, a variety of actions can be taken on the compromised device to keep it active for a longer period of time. Many of the commands in the backdoor are related to uploading, downloading and browsing of files,” Raj Samani, chief scientist at McAfee, said, according to Dark Reading.

Who are GodPeople and why is Lazarus going after the organisation?

According to McAfee researchers, the hackers may be going after the GodPeople organisation because the group has “a history of supporting religious groups in North Korea”.

“GodPeople is sympathetic to individuals from North Korea, helping to produce a movie about underground church groups in the North. Previous dealings with the Korean Information Security Agency on discoveries in the Korean peninsula have shown that religious groups are often the target of such activities in Korea,” McAfee researchers said in a blog.

According to a report by Forbes last year, Pyongyang has a deep-seated intolerance for any religion, and North Korean citizens found following any religion – be it Buddhism or Christianity – are sent to “political prisons” where they face torture, rape, abuse, enslavement and more. This could explain why Pyongyang’s hackers may be going after GodPeople.

Lazarus hackers’ move to mobile attacks also indicates that the group keeps itself up to date. According to Samani, the hackers can easily adapt the attack vector to also target global organisations.

Lazarus has previously been blamed for launching numerous campaigns across the globe. The group is believed to have been involved in sophisticated, long-term cyberespionage campaigns as well as attacks against global financial institutions to generate revenue for the impoverished nation. The US government recently issued an alert about the hacker group’s recent exploits. Lazarus is considered to be a major threat in cyberspace and, given its latest move to mobile, the group may be evolving to ramp up its attacks against North Korea’s adversaries.